EEP || Cybersecurity Investing Trendjacking (7d)

Regulatory Tailwinds: EU NIS2, DORA, AI Act, and CISA Actions

Regulatory Tailwinds: EU NIS2, DORA, AI Act, and CISA Actions

Key Questions

What vulnerabilities has CISA added to its Known Exploited Vulnerabilities catalog?

CISA added Fortinet FortiSandbox and Microsoft SharePoint flaws to the KEV list due to active exploitation. Organizations have a 24-hour window to address these issues.

What are the key deadlines for EU NIS2 compliance?

NIS2 deadlines include June 2026 for transposition and October for registration. The EU Cybersecurity and AI Action Plan operationalizes NIS2, DORA, and the AI Act.

What incident reporting timelines does the UK Cyber Security and Resilience Bill propose?

The bill proposes 24/72-hour incident reporting requirements. This aligns with broader efforts to strengthen critical infrastructure defenses against nation-state actors using AI.

EU releases Cybersecurity and AI Action Plan operationalizing AI Act, NIS2, DORA, Cyber Resilience Act. NIS2 deadlines (June 2026, October registration). CISA adds SharePoint exploits and FortiSandbox bugs to KEV (active exploitation, 24-hour window), issues new CVD guidance. UK Cyber Security and Resilience Bill proposes 24/72-hour incident reporting. Critical infrastructure: NSA/18 partners alert on router exploits, only 31% patch rate. Tenable CSO warns of AI-driven nation-state attacks with 80-90% autonomous intrusion, highlighting OT visibility gaps. Vanta GRC podcast highlights board-level risk translation. New: DevGovOps article addresses DORA compliance gap from AI agents, with 35% AI-generated code and 48% slow audit data points, reinforcing need for pipeline-embedded governance.

Sources (2)
Updated Jul 19, 2026
What vulnerabilities has CISA added to its Known Exploited Vulnerabilities catalog? - EEP || Cybersecurity Investing Trendjacking (7d) | NBot | nbot.ai